Friends, Followers, Fans: Be On Guard in 2010

By Mike Kronenberg

Do you use a social networking site? Be prepared, because I predict in 2010 it’ll be a major target for cyber criminals. Among the threat experts here at Webroot, we’ve discussed the ROI opportunity that social networks present an enterprising hacker who strings together the personal information people choose to share on social networks, or who creates a program to infect PCs with one click of a malicious link.

I’ve also discussed the issue with my colleagues in the security industry. Each of us acknowledges that users of all kinds – be it individuals, public figures, nonprofits, or corporations – assume a certain level of risk when signing on to a social network. But we all agree social networks are pretty much essential in today’s networked society and economy.

Given that, I’d like to share my take on the top five reasons why social networks hold such great appeal for cybercriminals so you can begin thinking about how you’ll use them in 2010.

Popularity: Social networking sites are extremely popular. Facebook alone has 350 million users, with 55 million updates posted every day, and over 3 billion pieces of content shared each week. Online predators could have an incredible infection rate, even if only a fraction of the users come into contact with their malware.

Easy Access: With so many people using social networking sites, even not-very-bright cyber-criminals can focus on them. For instance, both Twitter and Facebook are targets of e-mail phishing expeditions in an attempt to get access to user passwords and login information. Even I’ve received a dozen messages in the last week asking me to click on obviously bogus links.

Security Breaches: Social networking sites — especially the newer ones — have to work hard to outsmart the hackers. For example, in August, David Naylor spotted a Twitter cross-site scripting vulnerability which enabled hackers to grab the cookies on users’ PCs and steal login info. While Twitter and other major social networking sites work quickly to shut down such attacks, it’s no surprise they’re a target of ever-increasing exploits.

Privacy Invasions: Too much of what you consider private — and stick on social networking sites — can end up on search engines. Unless you spend time really focusing on Facebook’s privacy settings, you just might discover data about yourself on Google.

Spam, Spam, Spam: If you think you’re getting lots of unexpected, unsolicited e-mail now, just give it time. Social networking sites — LinkedIn, MySpace, Facebook, and others — are where spammers are heading. That’s because even with CAPTCHA programs guarding the door, hackers are able to target specific demographics and use e-mail to embed links for viral marketing, phishing attacks, and redirects to dangerous sites.

Coming soon in a follow-up post, I’ll show you some ways to protect yourself from these insidious malware purveyors.